Monday, April 23, 2012

The Disaster Recovery Plan - Part 3

Disaster Recovery Plan

In its full context, the focus of a Disaster Recovery Plan (DRP) is to restore the operability of systems that support mission-critical and critical business processes. The objective is for the organization to return to normal operations as soon as possible. Since many mission-critical and critical business processes depend on a technology infrastructure consisting of applications, data, and IT hardware, the DRP should be an IT-focused plan. Every organization should develop a Disaster Recovery Plan for all applications. Restoration of systems does not necessarily imply technology redundancy. The DRP may call for some procedures to be completed manually. The decision to revert to manual procedures, rather than to build and maintain an IT infrastructure, is a cost-driven decision made by the organization. Having a DRP in place reduces the risk that a disruption in a business process lasts longer than what management in the organization has determined to be acceptable. During the recovery phase, the focus is on establishing controls over occurring events to limit the risk of any additional losses.

source:// SANS Institute InfoSec Reading Room

Saturday, April 21, 2012

The Disaster Recovery Plan - Part 2

Disaster Recovery Process

A disaster is defined as a sudden, unplanned catastrophic event that renders the organization unable to perform mission-critical and critical processes, including normal production processing of systems that support critical business processes. A disaster could be the result of significant damage to a portion of the operations, a total loss of a facility, or the inability of the employees to access that facility.

The disaster recovery process consists of defining rules, processes, and disciplines to ensure that the critical business processes will continue to function if there is a failure of one or more of the information processing or telecommunications resources upon which their operations depend. The following are key elements of a disaster recovery plan:
  • Establish a planning group
  • Perform risk assessment and audits
  • Establish priorities for applications and networks
  • Develop recovery strategies
  • Prepare inventory and documentation of the plan
  • Develop verification criteria and procedures
  • Implement the plan
Key people from each business unit should be members of the team and included in all disaster recovery planning activities. The disaster recovery planning group needs to understand the business processes, technology, networks, and systems in order to create a DRP. A risk and business impact analysis should be prepared by the disaster recovery planning group that includes at least the top ten potential disasters. After analysing the potential risks, priority levels should be assigned to each business process and application/system. It is important to keep inventory up-to-date and have a complete list of equipment, locations, vendors, and points of contact.

The goal is to provide viable, effective, and economical recovery across all technology domains. The following can be used to classify organization applications and/or systems:

(Mission Critical) :
  • Mission Critical to accomplishing the mission of the organization
  • Can be performed only by computers
  • No alternative manual processing capability exists
  • Must be restored within 36 hours
(Critical) :
  • Critical in accomplishing the work of the organization
  • Primarily performed by computers
  • Can be performed manually for a limited time period
  • Must be restored starting at 36 hours and within 5 days
(Essential) :
  • Essential in completing the work of the organization
  • Performed by computers
  • Can be performed manually for an extended time period
  • Can be restored as early as 5 days, however it can take longer
(Non-Critical) :
  • Non-Critical to accomplishing the mission of the organization
  • Can be delayed until damaged site is restored and/or a new computer system is purchased
  • Can be performed manually
The disaster recovery process will identify the risks and exposures to mitigate their consequences to a level acceptable to senior management. These risks and exposures will assist in identifying the level of recovery required. Requirements will determine which recovery strategy option is needed to support those requirements.

source:// SANS Institute InfoSec Reading Room

Friday, April 20, 2012

The Disaster Recovery Plan - Part 1

Relationship to the Business Continuity Plan

The Business Continuity Plan may be written for a specific business process or may address all mission-critical business processes. The BCP is an umbrella plan whose major sub-components include the Disaster Recovery Plan.

Information systems are considered in the BCP only in terms of their support of those business processes. A Business Continuity Plan (BCP) consists of the following component plans:

· Business Resumption Plan
· Occupant Emergency Plan
· Incident Management Plan
· Continuity of Operations Plan
· Disaster Recovery Plan

The Business Resumption Plan, Occupant Emergency Plan, and Continuity of Operations Plan do not deal with the Information Technology (IT) Infrastructure. The Incident Management Plan (IMP), which does deal with the IT infrastructure, establishes structure and procedures to address cyber attacks against an organization’s IT systems and generally does not involve activation of the Disaster Recovery Plan.


source:// SANS Institute InfoSec Reading Room

Architects

are defined by their experience in integrating multiple systems

Saturday, March 10, 2012

Standard Performance Evaluation Corporation "SPECjvm2008"

SPECjvm2008 is a benchmark suite containing several real-life applications and some benchmarks focusing on core Java functionality. The main purpose of SPECjvm2008 is to measure the performance of a Java Runtime Environment (JRE). It also measures the performance of the operating system and hardware in the context of executing the JRE. It focuses on the performance of the JRE executing a single application; it reflects the performance of the hardware processor and memory subsystem, but has low dependence on file I/O and includes no network I/O across machines. The SPECjvm2008 workload mimics a variety of common general-purpose application computations. These characteristics reflect the intent that this benchmark will be applicable to measuring basic Java performance on a wide variety of both client and server systems running Java. SPEC also finds user experience of Java important, and the suite therefore includes startup benchmarks and has a required run category called base, which has to be run without any tuning of the JVM to improve the out-of-the-box performance.

Friday, March 9, 2012

Did you know?

that Oracle Solaris 11 is a fully virtualized cloud operating system and has new availability features to reduce planned downtime by up to 50%.

Thursday, March 8, 2012

Clever

A friendly way to tell your website visitor that your website is down for maintenance :)